Public servants have been advised not to use TikTok on work devices because security threats cannot be ruled out.
The app is to be removed from work phones used by workers at State agencies and Government departments in a precautionary move based on advice by the security advisory body.
The app can still be used in exceptional cases where there is a business need, such as for press purposes.
TikTok has come under fire in the US, Europe and Asia, where a growing number of governments have banned the app from devices used for official business over worries it poses risks to cybersecurity and data privacy or could be used to push pro-Beijing narratives and misinformation.
Director of the National Cyber Security Centre, Richard Browne, said on Friday although it did not find any “apparent cybersecurity vulnerabilities”, it could not rule out the risk.
“However, it does have extremely high permissions. It’s not a secret, it says this in the terms of service, and also gathers and stores very large amounts of user data, including sensitive personal data.
“So, it is on the very high end, if not the highest end, in terms of the amount of user data it collects.”
Among the other potential risks cited for Government users were: its “relatively unusual” ownership structure; its employees being beholden to Chinese intelligence gathering laws; and an admission by the company that EU users’ data had been made available to engineers in China.
“The approach we’ve taken as ever is precautionary in nature, it is designed to ensure that if nothing else, this route can’t be used.
“To be very clear, we’re not saying the application can’t be used by other individuals, or shouldn’t be used by politicians outside of official devices.
“Social media of every description is a hugely powerful tool for individuals and the political system alike for democracy, in terms of sharing and engaging with each other. It’s a really vital tool. As such, there’s no reason on earth why private individuals or politicians on their personal devices can’t use this.
“That’s not the risk we’re talking about here. The risk here is to public data held on publicly-owned devices.”